For businesses that have a lot of resources tied up in logistics and inventory, enterprise resource planning (ERP) systems can be a lifesaver. However, you should never invest in an ERP system blindly. With so much valuable data filtering through such a system, you must pay attention to cybersecurity.
Understanding the Need for ERP Security
The goal of ERP software is to help organizations manage the day-to-day business activities they face – such as project management, manufacturing, and accounting – with minimal friction and seamless oversight. Modern ERP systems truly are remarkable in their functionality and utility.
One of the key principles of ERP is the central collection of data for broad distribution across the organization. Instead of having a bunch of individual databases storing fragmented data, everything is organized into a single data reservoir where the appropriate parties push and pull the information they need to perform their job functions properly.
In 99.99 percent of situations, ERP systems improve functionality for businesses and allow them to accomplish tasks more efficiently and effectively. But any time you have so much data funneling through a single system, there’s always the risk that it could become compromised – especially in today’s hostile cyber environment.
According to a 2017 report published by Crowd Research Partners, 89 percent of security experts anticipate more attacks against ERP systems in the near future, while 30 percent expect a significant increase in the number of attacks.
How to Enhance ERP Security
If leading security experts are worried about ERP security, you should be too. Without data integrity, ERP systems collapse. The question is, what can be done to improve security and mitigate threats?
- Move to the Cloud…Now!
There’s a common belief that transitioning to a cloud ERP solution takes a lot of time and energy that businesses don’t have – but this is nothing more than a myth. You have to transition as soon as possible.
“Making critical decisions based on old data and legacy software is like driving a business forward while looking in the rear-view mirror,” ACCEO ERP explains in a recent blog post. “In truth, as your business grows, entering data and synchronizing your systems will consume even more of your time. Contrary to older systems, the modern ERP offers speed and adaptability, with extensive and scalable development applications that can be installed as your business evolves.”
- Control Access to Your ERP System
With each person you give access to your ERP system, you’re opening up another possible entry point for an attack. By controlling access, you reduce risk.
“One simple tactic to help control access to your ERP system is to make sure that all users have good password management habits,” Thriveon explains in a blog post. “That includes using two factor authentication when possible, [using] strong passwords that are changed regularly, and [avoiding] sharing user names and passwords amongst multiple people.”
- Have a Response Plan in Place
One of the most troubling things about ERP security is that most businesses don’t have any sort of plan in place. In fact, the majority of companies don’t even know who’s in charge. According to research, 43 percent think the CIO is responsible, while 28 percent believe it’s the duty of the CISO.
If you stand any chance of protecting your data, you need a response plan in place. You can’t afford to be pointing fingers and figuring out duties on the fly.
Protect Your Data and Your Business
It’s impossible to be serious about ERP in 2018 and beyond without prioritizing data integrity and cybersecurity. Cybercriminals see your company’s ERP system as the “Holy Grail” and will come after it with great intensity. Now’s the time to be proactive and defend your data.
Larry Alton, Writer, LarryAlton.com
[ISACA Now Blog]